Secure logs forwarding using Nginx TLS termination


Nehal Syed

Feb 18, 2018, 4:32:14 PM
to Fluentd Google Group
Hi guys,
I am having trouble sending "secure_forward" events to "in_forward" via Nginx. I want Nginx (on the server side) to receive client logs over TLS (port 443), then terminate SSL and hand the logs over to in_forward.

secure_forward (client side) -> Nginx (TLS termination on server side) -> in_forward (server side)

Error I am getting:
    2018-02-18 21:19:38 +0000 [warn]: #0 failed to flush the buffer. retry_time=4 next_retry_seconds=2018-02-18 21:19:38 +0000 chunk="565831de554f70b42d315a995e5bc56a" error_class=OpenSSL::SSL::SSLError error="SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"


----- Client Side Config --------

    <source>
      @type http
      port 8888
      bind 0.0.0.0
      body_size_limit 32m
      keepalive_timeout 10s
    </source>

    <match *.**>
      @type forward
      transport tls
      tls_cert_path /opt/cloud/certs/cert.pem
      tls_verify_hostname true
      heartbeat_type none
      #tls_allow_self_signed_cert true
      <server>
        host server.fluentd.aggregator.example.com
        # Nginx TLS port
        port 443
      </server>
    </match>



----- Server Side Config ------

    <source>
      @type forward
      # Nginx hands over traffic from port 443 to 24224 on the server side
      port 24224
    </source>

    <match *.**>
      @type elasticsearch
      include_tag_key true
      host "#{ENV['FLUENT_ELASTICSEARCH_HOST']}"
      port "#{ENV['FLUENT_ELASTICSEARCH_PORT']}"
    </match>



I would appreciate it if anyone could help me set this up. If the above scenario is not possible to implement, then I guess I would have to terminate the TLS session on the Fluentd aggregator instead of Nginx.


Thanks

Nehal
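
The topology in the post (out_forward over TLS to Nginx on 443, plaintext hand-off to in_forward on 24224) can be expressed with Nginx's TCP `stream` proxy, since the forward protocol is not HTTP. The server-side configuration below is an added example, not part of the original post; the certificate paths, the upstream name and the loopback upstream address are assumptions.

```nginx
# Added example; not from the original post. File paths are placeholders.
# The Fluentd forward protocol is a raw TCP stream, so TLS is terminated in a
# stream{} block; an http{} server with proxy_pass cannot carry it.
stream {
    upstream fluentd_in_forward {
        # in_forward from the post, listening in plaintext on 24224.
        # Assumption: Nginx runs on the same host. Setting "bind 127.0.0.1" in
        # the in_forward <source> keeps the unencrypted port off the network.
        server 127.0.0.1:24224;
    }

    server {
        listen 443 ssl;

        # Certificate presented to out_forward. "certificate verify failed" on
        # the client means this chain could not be validated, so:
        #  - the file holds the leaf certificate followed by any intermediates,
        #  - the chain leads to the CA stored in the client's tls_cert_path,
        #  - the leaf names server.fluentd.aggregator.example.com, because the
        #    client sets tls_verify_hostname true.
        ssl_certificate     /etc/nginx/tls/aggregator-fullchain.pem;  # placeholder
        ssl_certificate_key /etc/nginx/tls/aggregator.key;            # placeholder
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Optional mutual TLS. After termination in_forward only sees plaintext
        # from Nginx, so sender authentication has to happen here.
        # ssl_client_certificate /etc/nginx/tls/clients-ca.pem;       # placeholder
        # ssl_verify_client      on;

        proxy_pass            fluentd_in_forward;
        proxy_connect_timeout 5s;
        # Idle time allowed on a forwarder connection before Nginx closes it.
        proxy_timeout         10m;
    }
}
```

This requires an Nginx build with the stream and stream SSL modules (`--with-stream --with-stream_ssl_module`); `nginx -t` validates the file before a reload.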
